Console APIs - Authentication
Refresh Token
Refresh expired access tokens using refresh tokens
POST
Refresh Token
Refresh expired access tokens using a valid refresh token to maintain uninterrupted API access.Authentication
This endpoint does not require authentication as it’s used to refresh expired tokens.Request Body
The refresh token obtained from the login endpoint.
Response Fields
Token refresh data object containing new tokens.
Human-readable message describing the result of the operation.
Operation status. Always “success” for successful token refresh.
Error Responses
400 Bad Request
400 Bad Request
- Missing refresh token
- Invalid request format
401 Unauthorized
401 Unauthorized
429 Too Many Requests
429 Too Many Requests
Usage Examples
Token Management Best Practices
Automatic Refresh
Automatic Refresh
Error Handling
Error Handling
Rate Limits
- Rate Limit: 20 requests per minute per user
- Burst Limit: 50 requests per 5-minute window
Security Considerations
Token Rotation
Token Rotation
- Refresh tokens are rotated on each use for enhanced security
- Old refresh tokens become invalid immediately after use
- Always store the new refresh token returned from this endpoint
Token Storage
Token Storage
- Store refresh tokens securely with appropriate encryption
- Use secure storage mechanisms (not localStorage for sensitive apps)
- Implement proper token cleanup on logout
Network Security
Network Security
- Always use HTTPS for token refresh requests
- Implement proper error handling without exposing sensitive information
- Monitor for suspicious refresh patterns
Best Practices
Implement Auto-Refresh
Set up automatic token refresh before expiration to ensure uninterrupted API access.
Handle Refresh Failures
Implement proper error handling for refresh token failures and redirect to login when needed.
Update Token Storage
Always update stored tokens with the new values returned from the refresh endpoint.